GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical
CVE-2018-16115
was published
for
com.typesafe.akka:akka-actor_2.11
(Maven)
Oct 22, 2018
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart,...
Critical
Unreviewed
CVE-2011-4574
was published
Apr 22, 2022
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates...
Critical
Unreviewed
CVE-2017-18021
was published
May 14, 2022
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset...
Critical
Unreviewed
CVE-2020-28642
was published
May 24, 2022
Cryptographically weak PRNG in `utils.generateUUID`
Critical
CVE-2022-36045
was published
for
nodebb
(npm)
Aug 30, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that...
Critical
Unreviewed
CVE-2022-44796
was published
Nov 7, 2022
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with...
Critical
Unreviewed
CVE-2022-35255
was published
Dec 6, 2022
go.uuid has Predictable UUID Identifiers
Critical
CVE-2021-3538
was published
for
github.com/satori/go.uuid
(Go)
Feb 7, 2023
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in...
Critical
Unreviewed
CVE-2023-36993
was published
Jul 7, 2023
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Critical
CVE-2024-29868
was published
for
org.apache.streampipes:streampipes-resource-management
(Maven)
Jun 24, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical
GHSA-rc7v-65v6-m2v3
was published
for
github.com/go-mysql-org/go-mysql
(Go)
Oct 28, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API